[Asset Manager] Extract host assets from metrics #155870

Closed
Tracked by #155614
klacabane opened this issue Apr 26, 2023 · 3 comments · May be fixed by jasonrhodes/elastic-asset-etl-poc#1
Labels: Feature:Asset Manager, Team:Infra Monitoring UI - DEPRECATED, Team:Observed Asset Management

Comments

@klacabane
Contributor

Summary

Create a function that queries metrics indices and returns host asset documents constructed from the query response. The function should be implemented in this repository and run as part of this etl process.

See collectServicesFromSummaries for a blueprint.

@botelastic bot added the needs-team label Apr 26, 2023
@klacabane added the Team:Infra Monitoring UI - DEPRECATED, Team:Observed Asset Management and Feature:Asset Manager labels Apr 26, 2023
@elasticmachine
Contributor

Pinging @elastic/infra-monitoring-ui (Team:Infra Monitoring UI)

@botelastic bot removed the needs-team label Apr 26, 2023
@klacabane
Contributor Author

klacabane commented Apr 27, 2023

Paired with @miltonhultgren on this today aiming at refining what the query would look like initially and what data we can/want to extract out of the documents returned.

Observations:

  • targeted metrics-*,metricbeat-* indices
  • there are not a lot of hosts (<10) available in edge-oblt
  • the query will collapse on host.hostname. We'll likely want to surface documents that have more metadata included (cloud.*, kubernetes.*, ...). How can we do that? For example, if a hostname is represented by two documents and only one of them has cloud.service.name, can collapse favor it instead of the other?
  • how can we rule out false positives (i.e. host.hostname is wrongly filled by apm php)? We won't at first, but one potential solution is to build a blocklist of offending sources
  • some hosts may not have the metadata necessary to set the correct type (i.e. gce/ec2). What asset.type and asset.ean should we persist? Should we ignore those for the moment, or can we persist these values as a generic host:<id>? What if this asset is stored with the correct type from another source? We won't be able to dedup based on ean. Note that this will also prevent us from routing the asset document to the right asset-{type} stream
  • Host data can surface container and/or k8s pod information. Should we also create assets out of them? Yes, we can take the same approach when looking at services in apm data. For situations where it will create duplicates and two-way references, the API accounts for that
  • how do we categorize hosts with cloud.provider (e.g. aws) but no cloud.service.name (e.g. ec2)? Can we safely fall back to a default service?

@miltonhultgren
Contributor

how can we rule out false positives (i.e. host.hostname is wrongly filled by apm php)? We won't at first, but one potential solution is to build a blocklist of offending sources

Just to note also that the OpenTelemetry agent seems to do the same thing (the pod is reported as host.name).
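
An added example, not code from the issue or from the Kibana repository: one way to handle the observations above after the query returns, keeping one document per host.hostname with the richest cloud.*/kubernetes.* metadata, skipping blocklisted sources, and falling back to the generic host:<id> form. Assumptions: hits are flattened to dotted field names, offending sources are identified by agent.name, host.hostname serves as the id, typed EANs follow the same `<type>:<id>` shape, and all function names are hypothetical.

```javascript
// Constructed sample hits, flattened to dotted field names (not real cluster data).
const sampleHits = [
  { 'host.hostname': 'web-1', 'agent.name': 'metricbeat' },
  { 'host.hostname': 'web-1', 'agent.name': 'metricbeat',
    'cloud.provider': 'aws', 'cloud.service.name': 'ec2' },
  { 'host.hostname': 'db-1', 'agent.name': 'metricbeat', 'cloud.provider': 'aws' },
  { 'host.hostname': 'pod-abc', 'agent.name': 'php' },
];

// Assumption: the blocklist of offending sources is keyed on agent.name.
const BLOCKED_AGENTS = new Set(['php']);
const METADATA_PREFIXES = ['cloud.', 'kubernetes.'];

// Number of cloud.* / kubernetes.* fields a document carries.
function metadataScore(doc) {
  return Object.keys(doc).filter((key) =>
    METADATA_PREFIXES.some((prefix) => key.startsWith(prefix))
  ).length;
}

// One document per host.hostname, preferring the one with the most metadata.
function pickRichestPerHost(hits) {
  const byHost = new Map();
  for (const doc of hits) {
    const hostname = doc['host.hostname'];
    if (!hostname || BLOCKED_AGENTS.has(doc['agent.name'])) continue;
    const current = byHost.get(hostname);
    if (!current || metadataScore(doc) > metadataScore(current)) {
      byHost.set(hostname, doc);
    }
  }
  return byHost;
}

// Without cloud.service.name the asset falls back to the generic host type,
// so it cannot be deduplicated by EAN against a typed asset from another source.
function toHostAsset(doc) {
  const type = doc['cloud.service.name'] || 'host';
  return { 'asset.type': type, 'asset.ean': `${type}:${doc['host.hostname']}` };
}

function extractHostAssets(hits) {
  return [...pickRichestPerHost(hits).values()].map(toHostAsset);
}

console.log(extractHostAssets(sampleHits));
```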
